Attacks/Breaches

3/19/2018
07:00 AM

Cybercriminals Launder Up to $200B in Profit Per Year

Cybercrime funds make up 8-10% of all illegal profits laundered and amount to $80-200 billion each year.

Cybercriminals launder an estimated $80-200 billion in illegal profit each year, which amounts to 8-10% of all illegal proceeds laundered around the world. Virtual currencies are the most common tool used for money laundering - but Bitcoin isn't quite as trendy among hackers.

The data comes from Into the Web of Profit, an independent academic study sponsored by Bromium and conducted by Dr. Mike McGuire, senior lecturer in Criminology at Surrey University in England. It's a nine-month study into the macroeconomics of cybercrime and how cybercriminals "cash out" the funds they generate through illegal activity.

With his academic background as a criminologist, Dr. McGuire has a decidedly different approach to cybercrime and focuses on how human factors affect behavior. In other words, he explores "not just that there are bad guys doing bad things, but the way responses are made."

This study began as a simple question: What do cybercriminals spend their money on? However, it quickly evolved as Dr. McGuire discovered what he calls the "cybercrime economy." His research turned into a broader study on how money flows around the criminal ecosystem.

"We've got to move beyond this idea that cybercrime is like a business - it's more than that. It's like an economy which mirrors the legitimate economy," he explains. "Increasingly, what we're seeing is the legitimate economy is feeding off the cybercrime economy."

This economy consists of three parts: how cybercriminals' revenue is generated, where that money goes, and what they do with the money when they move it around. Once the flow of money is understood, businesses can better determine how to protect themselves.

Virtual Currency is in. Bitcoin is out.

There are several reasons why cybercriminals are turning to cryptocurrencies. They're easily acquired, for one, and they have a reputation for enabling anonymous transactions.

Cybercriminals often cash out their virtual currencies by directly converting them into assets. Several sites, including Bitcoin Real Estate, let customers buy high-value properties (think tropical islands and penthouses in Paris) while evading financial regulators.

About 25% of all property sales will be conducted in cryptocurrency within the next few years, the report states. It's concerning to financial analysts who fear swift and sneaky transactions, often paid for with criminal proceeds, will disrupt the global property market.

However, attackers are learning some digital currencies are more appealing than others.

"There's almost a wholesale movement away from Bitcoin in the cybercrime world," says McGuire. Bitcoin's blockchain technology means all transactions are transparent, even if the users' identities remain concealed.

This transparency has caused cybercriminals to explore software "tumbler" tools like CoinSwap and CoinJoin to hide where their payments come from. Yet even these are ineffective. Researchers at Princeton found data often leaks during these Web interactions through trackers and cookies. As a result, it's possible to pinpoint users in 60% of transactions.

Now cybercriminals are adopting more anonymous currencies like Monero and Zcash.

Laundering via Gaming and PayPal

Cybercriminals often convert stolen funds into in-game currencies and then back into Bitcoin or other digital currencies. Popular games for this tactic include FIFA, Minecraft, World of Warcraft, Final Fantasy, Star Wars Online, and Grand Theft Auto 5.

FinCEN has stated that with respect to laundering, any person or business involved with currency exchange within games may be prosecuted as a "money transmitter." Gaming companies are also increasingly aware that criminals leverage their games for fraud. Kabam, for example, warned users of possible misuse of the currency used in its "Hobbit" game.

Digital payment systems (DPS), most frequently PayPal, are also exploited because they can be used anonymously. They're most effective when they can be combined with other laundering techniques and resources, Dr. McGuire found. Many use sites like eBay, which owns PayPal, to conduct the laundering so the activity seems less suspicious when it's processed in PayPal.

By collecting data on online forums and interviewing both experts and cybercriminals, Dr. McGuire learned at least 10% of them used PayPal in some capacity to launder money - in some cases, up to £250,000, even though PayPal only allows a maximum of £2,500 per transaction.

Some criminals resort to micro-laundering, in which they use thousands of small electronic payments to launder a large sum of money. Dr. McGuire notes that during the HSBC laundering incident, testimony indicated that bank employees used PayPal to launder cash. Their process started with amounts as small as $0.15 over a period of up to 60 days. Over time they laundered hundreds of thousands of dollars through several PayPal accounts.

Dr. McGuire says while up to $200 billion is laundered each year, there is a gap between how much is made in cybercrime and how much is being laundered. The security community has to do more, he says, to stop the criminal and legitimate economies from interconnecting.

"The problem here is the cyber economy and the legitimate economy is so intertwined that some laundering is going on in cyber, then back to the real world, then back to cyber," he explains.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...

Comments
DallasBishoff,
User Rank: Author
3/19/2018 | 10:48:25 AM
Cyber Criminals Have Mortgages
It's important for security professionals to understand their adversaries. While script kiddies are still part of the threat landscape, the real bad guys are educated, professional, disciplined, well financed, and share and conduct business within their world.

As I frequently point out to consulting clients, the bad guys pay mortgages. Their craft is their profession. They take it seriously. We have to take them seriously.